Senior Security Engineer, Detection and Response
1Password
Job Overview

Job Description
About the Role at 1Password
1Password is experiencing rapid growth, surpassing $400M in ARR and consistently earning a spot on the Forbes Cloud 100. As a leading brand in cybersecurity, 1Password focuses on Extended Access Management, ensuring secure identities, application sign-ins, and trusted devices for over 180,000 businesses globally. We're committed to building a safe, productive digital future by blending human-centric product strategy with cutting-edge security.
As a Senior Security Engineer, Detection and Response, you will be a crucial part of the Security Operations team, whose mission is to protect 1Password's business by securing systems, tools, and processes. Your role involves proactively monitoring, rapidly responding, and continuously improving preventative and detective controls to keep the company productive, resilient, and safe.
Key Responsibilities
- Design, build, and continuously improve threat detections across 1Password's infrastructure, products, internal tools, and corporate environments.
- Lead and support security incident response activities, including investigation, containment, remediation, and post-incident learning.
- Apply threat intelligence and knowledge of attacker TTPs to detection development, threat hunting, alert triage, and response prioritization.
- Collaborate with Security, Infrastructure, and IT teams to improve security visibility, logging quality, and response readiness.
- Use automation, scripting, and Detection-as-Code practices to scale detection and response workflows and improve reliability.
- Own end-to-end security projects aligned with Detection & Response initiatives and broader security strategy.
- Participate in a shared on-call rotation and support high-severity incidents as needed.
- Contribute to operational maturity through playbooks, mentoring, tabletop exercises, audits, and cross-functional initiatives.
Who We're Looking For
- Calm and effective under pressure, with a blameless, data-informed approach to incident response.
- Operationally minded, with strong judgment and a bias toward action and continuous improvement.
- Comfortable working across both detection engineering and incident response responsibilities.
- A collaborative teammate who values clear communication, shared ownership, and psychological safety.
- Motivated by protecting customers, employees, and the business through practical, high-impact security work.
Required Qualifications
- 5+ years of experience in security technical engineering roles, with 3+ years focused on security operations, detection engineering or incident response.
- Hands-on experience with detection engineering and automation, including SIEMs, SOAR platforms, behavior analytics, and Detection-as-Code workflows.
- Strong understanding of modern attacker techniques and how they apply to cloud-native, SaaS, and identity-centric environments.
- Experience with endpoint, runtime, and forensic tools across multiple operating systems.
- Knowledge of cloud environments (e.g., AWS, GCP) and security best practices for cloud-native systems.
- Proficiency with scripting and infrastructure tools (e.g., Python, Bash, Terraform, CI/CD pipelines) to support automation and internal tooling.
- Strong written and verbal communication skills, with the ability to explain complex security issues to both technical and non-technical audiences.
Our Culture and Work Environment
1Password fosters a remote-first culture established in 2005, emphasizing collaboration, transparent communication, and core values: simplicity, honesty, and putting people first. We embrace AI as an essential part of our future and encourage team members to actively learn and apply AI best practices. While remote-first, travel for in-person engagement is expected for most roles, including annual offsites and team meetings. We are an equal opportunity employer committed to a diverse and inclusive workplace.
What We Offer
- Competitive health benefits and generous PTO policy.
- Maternity and parental leave top-up programs.
- RSU program and retirement matching.
- Free 1Password account.
- Paid volunteer days.
- Peer-to-peer recognition through Bonusly.
Key skills/competencies
- Threat Detection
- Incident Response
- Security Operations
- Detection Engineering
- Cloud Security
- SIEM/SOAR
- Automation
- Python Scripting
- Attacker TTPs
- Forensics
How to Get Hired at 1Password
- Research 1Password's culture: Study their mission, values (keep it simple, lead with honesty, put people first), remote-first approach, and commitment to AI innovation.
- Tailor your resume for security operations: Highlight extensive experience in incident response, threat detection, and detection engineering, emphasizing cloud-native and SaaS security.
- Showcase automation and scripting skills: Provide examples of using Python, Bash, Terraform, and CI/CD pipelines for security automation and Detection-as-Code practices.
- Prepare for incident response scenarios: Be ready to discuss your blameless, data-informed approach to handling complex security incidents under pressure.
- Demonstrate collaborative problem-solving: Emphasize your ability to work cross-functionally with Security, Infrastructure, and IT teams to enhance overall security posture.